Hi all,
EDIT: we found the HTTPS server uses SNI (Server Name Indication), i.e., it has several certificates for the same IP. However, Sierra’s security API doesn’t provide any parameter to specify the server name, does it?
We are trying to connect with two HTTPS servers, namely S1 and S2. To do so, we call wip_SSLInitOpts() with the root CA certificate (WIP_COPT_CERT_AUTHORITY).
We get the CA certificates of S1 and S2 by exporting them with a browser.
The connection with S1 is successfully established, but the connection with S2 is not (X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN).
After capturing the SSL data with Wireshark we can see the following:
- Server S1 sends the complete certificate chain: server, intermediate and root certificate.
- Server S2 sends only the server and intermediate certificates.
The root certificate the browser uses in the second case is the one stored in its database (built-in object token).
According to the standard, the server doesn’t have to send the root certificate. Is there any limitation with Sierra’s security library in that case?
Any ideas will be welcome.
Our HW:
Q268X (Q2687RD)
Our SW:
Bootloader: V10c05
Modem Firmware: 201306260837
Firmware: 7.52.0.201404040850
Internet library Package: 5.56.0.201305170830
Security Library Package: 2.2.0.201306261000
Thank you,